Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

You don't have to read too far into the Information Commissioner's Office (ICO) website to find its mission statement. The ICO has been established to "Uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

Lone justice?

With this declaration in mind, one might naturally question the statistics pertaining to recent judiciary actions carried out by the ICO. Reports earlier this year highlighted the fact just 36 out of 2,565 data breaches were acted upon by the ICO, with only four cases resulting in monetary fines.

Security vendors from far and wide have used this apparent' shortfall in regulatory discipline as a platform for reinforcing the effectiveness of their data protection products. So as the Data Protection Act (DPA) and issues relating to information compliance gain an ever-greater number of column inches, is it time to question whether we are at an industry tipping point and about to fall?

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Is it time to question whether we are at an industry tipping point and about to fall?

"The reports noting that just one per cent of data breaches have been fined by the ICO risk undermining its power to force companies to take their internal security measures seriously," said Nigel Hawthorn, vice president of EMEA marketing for Blue Coat Systems.

"When the ICO increased the maximum fine tenfold from 50,000 to half a million pounds last year, this should have sent a clear message to the market that companies needed to get their house in order. But why bother sharpening the ICO's teeth if they are not prepared to bite?"

Industry opinion appears to lay part of the blame for compliance issues on the proliferation of devices and flexibility of new work practices. Both of these factors are further fuelled by the consumerisation of IT, which makes it increasingly difficult for companies to protect data and increasingly easy to lose it.

Matthew Tomlinson, a board director at secure network specialist Secure Data, said we will see an increase in audits and fines from the ICO over the coming years, but companies really need to take responsibility for data protection and start policing themselves.

"In practice it is unrealistic for the ICO to audit every company; they do not have the resources or the capacity," he said.

Advertisement - Article continues below

"However, we are seeing larger corporations already beginning to police themselves due, foremost, to the fear of public backlash if they were to have a major data breach. You only have to look at the recent Sony data breach to see the public affect it has on the company."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019